update: PLT hooks unload

This commit changes how PLT hooks are unloaded, so that we're able to bypass detections caused by page faulting libandroid_runtime.so.

loader/src/injector/hook.cpp

@@ -31,7 +31,6 @@
 using namespace std;
 
 static void hook_unloader();
-static void unhook_functions();
 
 namespace {
 
@@ -220,8 +219,14 @@ DCL_HOOK_FUNC(int, pthread_attr_setstacksize, void *target, size_t size) {
     if (gettid() != getpid())
         return res;
 
+    delete plt_hook_list;
+
     if (should_unmap_zygisk) {
-        unhook_functions();
+        if (!lsplt::InvalidateBackup()) {
+            LOGE("Failed to invalidate backup for plt_hook");
+
+            should_unmap_zygisk = false;
+        }
         cached_map_infos.clear();
 
         if (should_unmap_zygisk) {
@@ -232,6 +237,17 @@ DCL_HOOK_FUNC(int, pthread_attr_setstacksize, void *target, size_t size) {
 
             [[clang::musttail]] return munmap(start_addr, block_size);
         }
+    } else {
+        for (const auto &[dev, inode, sym, old_func] : *plt_hook_list) {
+            if (!lsplt::RegisterHook(dev, inode, sym, *old_func, nullptr)) {
+                LOGE("Failed to register plt_hook [%s]", sym);
+            }
+        }
+
+        if (!lsplt::CommitHook(cached_map_infos)) {
+            LOGE("Failed to restore plt_hook");
+            should_unmap_zygisk = false;
+        }
     }
 
     return res;
@@ -950,17 +966,3 @@ static void hook_unloader() {
     PLT_HOOK_REGISTER(art_dev, art_inode, pthread_attr_setstacksize);
     hook_commit();
 }
-
-static void unhook_functions() {
-    // Unhook plt_hook
-    for (const auto &[dev, inode, sym, old_func] : *plt_hook_list) {
-        if (!lsplt::RegisterHook(dev, inode, sym, *old_func, nullptr)) {
-            LOGE("Failed to register plt_hook [%s]", sym);
-        }
-    }
-    delete plt_hook_list;
-    if (!hook_commit()) {
-        LOGE("Failed to restore plt_hook");
-        should_unmap_zygisk = false;
-    }
-}